less than jpake

author: tedu <> 2014-05-07 21:32:19 +0000
committer: tedu <> 2014-05-07 21:32:19 +0000
commit: 6e694fdc39d16d30d31406ef82c6b069d9d005d9 (patch)
tree: 12469735470b89bbcda0188c83db3303073518e6 /src
parent: 37ac31da4961fc4018f3d8c249be86103e04749a (diff)
download: openbsd-6e694fdc39d16d30d31406ef82c6b069d9d005d9.tar.gz
openbsd-6e694fdc39d16d30d31406ef82c6b069d9d005d9.tar.bz2
openbsd-6e694fdc39d16d30d31406ef82c6b069d9d005d9.zip
4 files changed, 4 insertions, 317 deletions
diff --git a/src/lib/libssl/src/apps/apps.c b/src/lib/libssl/src/apps/apps.c
index b2efe6db39..a96de0cd9a 100644
--- a/src/lib/libssl/src/apps/apps.c
+++ b/src/lib/libssl/src/apps/apps.c
@@ -2173,240 +2173,6 @@ policies_print(BIO * out, X509_STORE_CTX * ctx)
                BIO_free(out);
 }
-#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
-static JPAKE_CTX *
-jpake_init(const char *us, const char *them,
-    const char *secret)
-{
-        BIGNUM *p = NULL;
-        BIGNUM *g = NULL;
-        BIGNUM *q = NULL;
-        BIGNUM *bnsecret = BN_new();
-        JPAKE_CTX *ctx;
-        /* Use a safe prime for p (that we found earlier) */
-        BN_hex2bn(&p, "F9E5B365665EA7A05A9C534502780FEE6F1AB5BD4F49947FD036DBD7E905269AF46EF28B0FC07487EE4F5D20FB3C0AF8E700F3A2FA3414970CBED44FEDFF80CE78D800F184BB82435D137AADA2C6C16523247930A63B85661D1FC817A51ACD96168E95898A1F83A79FFB529368AA7833ABD1B0C3AEDDB14D2E1A2F71D99F763F");
-        g = BN_new();
-        BN_set_word(g, 2);
-        q = BN_new();
-        BN_rshift1(q, p);
-        BN_bin2bn((const unsigned char *) secret, strlen(secret), bnsecret);
-        ctx = JPAKE_CTX_new(us, them, p, g, q, bnsecret);
-        BN_free(bnsecret);
-        BN_free(q);
-        BN_free(g);
-        BN_free(p);
-        return ctx;
-}
-static void
-jpake_send_part(BIO * conn, const JPAKE_STEP_PART * p)
-{
-        BN_print(conn, p->gx);
-        BIO_puts(conn, "\n");
-        BN_print(conn, p->zkpx.gr);
-        BIO_puts(conn, "\n");
-        BN_print(conn, p->zkpx.b);
-        BIO_puts(conn, "\n");
-}
-static void
-jpake_send_step1(BIO * bconn, JPAKE_CTX * ctx)
-{
-        JPAKE_STEP1 s1;
-        JPAKE_STEP1_init(&s1);
-        JPAKE_STEP1_generate(&s1, ctx);
-        jpake_send_part(bconn, &s1.p1);
-        jpake_send_part(bconn, &s1.p2);
-        (void) BIO_flush(bconn);
-        JPAKE_STEP1_release(&s1);
-}
-static void
-jpake_send_step2(BIO * bconn, JPAKE_CTX * ctx)
-{
-        JPAKE_STEP2 s2;
-        JPAKE_STEP2_init(&s2);
-        JPAKE_STEP2_generate(&s2, ctx);
-        jpake_send_part(bconn, &s2);
-        (void) BIO_flush(bconn);
-        JPAKE_STEP2_release(&s2);
-}
-static void
-jpake_send_step3a(BIO * bconn, JPAKE_CTX * ctx)
-{
-        JPAKE_STEP3A s3a;
-        JPAKE_STEP3A_init(&s3a);
-        JPAKE_STEP3A_generate(&s3a, ctx);
-        BIO_write(bconn, s3a.hhk, sizeof s3a.hhk);
-        (void) BIO_flush(bconn);
-        JPAKE_STEP3A_release(&s3a);
-}
-static void
-jpake_send_step3b(BIO * bconn, JPAKE_CTX * ctx)
-{
-        JPAKE_STEP3B s3b;
-        JPAKE_STEP3B_init(&s3b);
-        JPAKE_STEP3B_generate(&s3b, ctx);
-        BIO_write(bconn, s3b.hk, sizeof s3b.hk);
-        (void) BIO_flush(bconn);
-        JPAKE_STEP3B_release(&s3b);
-}
-static void
-readbn(BIGNUM ** bn, BIO * bconn)
-{
-        char buf[10240];
-        int l;
-        l = BIO_gets(bconn, buf, sizeof buf);
-        assert(l > 0);
-        assert(buf[l - 1] == '\n');
-        buf[l - 1] = '\0';
-        BN_hex2bn(bn, buf);
-}
-static void
-jpake_receive_part(JPAKE_STEP_PART * p, BIO * bconn)
-{
-        readbn(&p->gx, bconn);
-        readbn(&p->zkpx.gr, bconn);
-        readbn(&p->zkpx.b, bconn);
-}
-static void
-jpake_receive_step1(JPAKE_CTX * ctx, BIO * bconn)
-{
-        JPAKE_STEP1 s1;
-        JPAKE_STEP1_init(&s1);
-        jpake_receive_part(&s1.p1, bconn);
-        jpake_receive_part(&s1.p2, bconn);
-        if (!JPAKE_STEP1_process(ctx, &s1)) {
-                ERR_print_errors(bio_err);
-                exit(1);
-        }
-        JPAKE_STEP1_release(&s1);
-}
-static void
-jpake_receive_step2(JPAKE_CTX * ctx, BIO * bconn)
-{
-        JPAKE_STEP2 s2;
-        JPAKE_STEP2_init(&s2);
-        jpake_receive_part(&s2, bconn);
-        if (!JPAKE_STEP2_process(ctx, &s2)) {
-                ERR_print_errors(bio_err);
-                exit(1);
-        }
-        JPAKE_STEP2_release(&s2);
-}
-static void
-jpake_receive_step3a(JPAKE_CTX * ctx, BIO * bconn)
-{
-        JPAKE_STEP3A s3a;
-        int l;
-        JPAKE_STEP3A_init(&s3a);
-        l = BIO_read(bconn, s3a.hhk, sizeof s3a.hhk);
-        assert(l == sizeof s3a.hhk);
-        if (!JPAKE_STEP3A_process(ctx, &s3a)) {
-                ERR_print_errors(bio_err);
-                exit(1);
-        }
-        JPAKE_STEP3A_release(&s3a);
-}
-static void
-jpake_receive_step3b(JPAKE_CTX * ctx, BIO * bconn)
-{
-        JPAKE_STEP3B s3b;
-        int l;
-        JPAKE_STEP3B_init(&s3b);
-        l = BIO_read(bconn, s3b.hk, sizeof s3b.hk);
-        assert(l == sizeof s3b.hk);
-        if (!JPAKE_STEP3B_process(ctx, &s3b)) {
-                ERR_print_errors(bio_err);
-                exit(1);
-        }
-        JPAKE_STEP3B_release(&s3b);
-}
-void
-jpake_client_auth(BIO * out, BIO * conn, const char *secret)
-{
-        JPAKE_CTX *ctx;
-        BIO *bconn;
-        BIO_puts(out, "Authenticating with JPAKE\n");
-        ctx = jpake_init("client", "server", secret);
-        bconn = BIO_new(BIO_f_buffer());
-        BIO_push(bconn, conn);
-        jpake_send_step1(bconn, ctx);
-        jpake_receive_step1(ctx, bconn);
-        jpake_send_step2(bconn, ctx);
-        jpake_receive_step2(ctx, bconn);
-        jpake_send_step3a(bconn, ctx);
-        jpake_receive_step3b(ctx, bconn);
-        BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n");
-        psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx));
-        BIO_pop(bconn);
-        BIO_free(bconn);
-        JPAKE_CTX_free(ctx);
-}
-void
-jpake_server_auth(BIO * out, BIO * conn, const char *secret)
-{
-        JPAKE_CTX *ctx;
-        BIO *bconn;
-        BIO_puts(out, "Authenticating with JPAKE\n");
-        ctx = jpake_init("server", "client", secret);
-        bconn = BIO_new(BIO_f_buffer());
-        BIO_push(bconn, conn);
-        jpake_receive_step1(ctx, bconn);
-        jpake_send_step1(bconn, ctx);
-        jpake_receive_step2(ctx, bconn);
-        jpake_send_step2(bconn, ctx);
-        jpake_receive_step3a(ctx, bconn);
-        jpake_send_step3b(bconn, ctx);
-        BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n");
-        psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx));
-        BIO_pop(bconn);
-        BIO_free(bconn);
-        JPAKE_CTX_free(ctx);
-}
-#endif
 #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
 /* next_protos_parse parses a comma separated list of strings into a string
 * in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
diff --git a/src/lib/libssl/src/apps/apps.h b/src/lib/libssl/src/apps/apps.h
index 42c5f9e368..cbbf0eaefd 100644
--- a/src/lib/libssl/src/apps/apps.h
+++ b/src/lib/libssl/src/apps/apps.h
@@ -246,10 +246,6 @@ int do_X509_CRL_sign(BIO *err, X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md,
 #ifndef OPENSSL_NO_PSK
 extern char *psk_key;
 #endif
-#ifndef OPENSSL_NO_JPAKE
-void jpake_client_auth(BIO *out, BIO *conn, const char *secret);
-void jpake_server_auth(BIO *out, BIO *conn, const char *secret);
-#endif
 #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
 unsigned char *next_protos_parse(unsigned short *outlen, const char *in);
diff --git a/src/lib/libssl/src/apps/s_client.c b/src/lib/libssl/src/apps/s_client.c
index 3dc613ebc2..b90a096b40 100644
--- a/src/lib/libssl/src/apps/s_client.c
+++ b/src/lib/libssl/src/apps/s_client.c
@@ -301,9 +301,6 @@ sc_usage(void)
 #ifndef OPENSSL_NO_PSK
        BIO_printf(bio_err, " -psk_identity arg - PSK identity\n");
        BIO_printf(bio_err, " -psk arg      - PSK in hex (without 0x)\n");
-#ifndef OPENSSL_NO_JPAKE
-        BIO_printf(bio_err, " -jpake arg    - JPAKE secret to use\n");
-#endif
 #endif
        BIO_printf(bio_err, " -ssl3         - just use SSLv3\n");
        BIO_printf(bio_err, " -tls1_2       - just use TLSv1.2\n");
@@ -467,9 +464,6 @@ s_client_main(int argc, char **argv)
        int peerlen = sizeof(peer);
        int enable_timeouts = 0;
        long socket_mtu = 0;
-#ifndef OPENSSL_NO_JPAKE
-        char *jpake_secret = NULL;
-#endif
        meth = SSLv23_client_method();
@@ -727,13 +721,6 @@ s_client_main(int argc, char **argv)
                        /* meth=TLSv1_client_method(); */
                }
 #endif
-#ifndef OPENSSL_NO_JPAKE
-                else if (strcmp(*argv, "-jpake") == 0) {
-                        if (--argc < 1)
-                                goto bad;
-                        jpake_secret = *++argv;
-                }
-#endif
 #ifndef OPENSSL_NO_SRTP
                else if (strcmp(*argv, "-use_srtp") == 0) {
                        if (--argc < 1)
@@ -764,21 +751,6 @@ bad:
                sc_usage();
                goto end;
        }
-#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
-        if (jpake_secret) {
-                if (psk_key) {
-                        BIO_printf(bio_err,
-                            "Can't use JPAKE and PSK together\n");
-                        goto end;
-                }
-                psk_identity = "JPAKE";
-                if (cipher) {
-                        BIO_printf(bio_err, "JPAKE sets cipher to PSK\n");
-                        goto end;
-                }
-                cipher = "PSK";
-        }
-#endif
        OpenSSL_add_ssl_algorithms();
        SSL_load_error_strings();
@@ -862,14 +834,9 @@ bad:
 #endif
 #ifndef OPENSSL_NO_PSK
-#ifdef OPENSSL_NO_JPAKE
+        if (psk_key != NULL) {
-        if (psk_key != NULL)
-#else
-        if (psk_key != NULL || jpake_secret)
-#endif
-        {
                if (c_debug)
-                        BIO_printf(bio_c_out, "PSK key given or JPAKE in use, setting client callback\n");
+                        BIO_printf(bio_c_out, "PSK key given, setting client callback\n");
                SSL_CTX_set_psk_client_callback(ctx, psk_client_cb);
        }
 #endif
@@ -1055,10 +1022,6 @@ re_start:
 #endif
        }
 #endif
-#ifndef OPENSSL_NO_JPAKE
-        if (jpake_secret)
-                jpake_client_auth(bio_c_out, sbio, jpake_secret);
-#endif
        SSL_set_bio(con, sbio, sbio);
        SSL_set_connect_state(con);
diff --git a/src/lib/libssl/src/apps/s_server.c b/src/lib/libssl/src/apps/s_server.c
index c34816749a..6cb43ed45d 100644
--- a/src/lib/libssl/src/apps/s_server.c
+++ b/src/lib/libssl/src/apps/s_server.c
@@ -426,11 +426,7 @@ sv_usage(void)
 #ifndef OPENSSL_NO_PSK
        BIO_printf(bio_err, " -psk_hint arg - PSK identity hint to use\n");
        BIO_printf(bio_err, " -psk arg      - PSK in hex (without 0x)\n");
-#ifndef OPENSSL_NO_JPAKE
-        BIO_printf(bio_err, " -jpake arg    - JPAKE secret to use\n");
 #endif
-#endif
-        BIO_printf(bio_err, " -ssl2         - Just talk SSLv2\n");
        BIO_printf(bio_err, " -ssl3         - Just talk SSLv3\n");
        BIO_printf(bio_err, " -tls1_2       - Just talk TLSv1.2\n");
        BIO_printf(bio_err, " -tls1_1       - Just talk TLSv1.1\n");
@@ -676,9 +672,6 @@ next_proto_cb(SSL * s, const unsigned char **data, unsigned int *len, void *arg)
 int s_server_main(int, char **);
-#ifndef OPENSSL_NO_JPAKE
-static char *jpake_secret = NULL;
-#endif
 #ifndef OPENSSL_NO_SRTP
 static char *srtp_profiles = NULL;
 #endif
@@ -1009,13 +1002,6 @@ s_server_main(int argc, char *argv[])
                }
 #endif
 #endif
-#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
-                else if (strcmp(*argv, "-jpake") == 0) {
-                        if (--argc < 1)
-                                goto bad;
-                        jpake_secret = *(++argv);
-                }
-#endif
 #ifndef OPENSSL_NO_SRTP
                else if (strcmp(*argv, "-use_srtp") == 0) {
                        if (--argc < 1)
@@ -1046,21 +1032,6 @@ bad:
                sv_usage();
                goto end;
        }
-#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
-        if (jpake_secret) {
-                if (psk_key) {
-                        BIO_printf(bio_err,
-                            "Can't use JPAKE and PSK together\n");
-                        goto end;
-                }
-                psk_identity = "JPAKE";
-                if (cipher) {
-                        BIO_printf(bio_err, "JPAKE sets cipher to PSK\n");
-                        goto end;
-                }
-                cipher = "PSK";
-        }
-#endif
        SSL_load_error_strings();
        OpenSSL_add_ssl_algorithms();
@@ -1414,14 +1385,9 @@ bad:
 #endif
 #ifndef OPENSSL_NO_PSK
-#ifdef OPENSSL_NO_JPAKE
+        if (psk_key != NULL) {
-        if (psk_key != NULL)
-#else
-        if (psk_key != NULL || jpake_secret)
-#endif
-        {
                if (s_debug)
-                        BIO_printf(bio_s_out, "PSK key given or JPAKE in use, setting server callback\n");
+                        BIO_printf(bio_s_out, "PSK key given, setting server callback\n");
                SSL_CTX_set_psk_server_callback(ctx, psk_server_cb);
        }
        if (!SSL_CTX_use_psk_identity_hint(ctx, psk_identity_hint)) {
@@ -1628,10 +1594,6 @@ sv_body(char *hostname, int s, unsigned char *context)
                test = BIO_new(BIO_f_nbio_test());
                sbio = BIO_push(test, sbio);
        }
-#ifndef OPENSSL_NO_JPAKE
-        if (jpake_secret)
-                jpake_server_auth(bio_s_out, sbio, jpake_secret);
-#endif
        SSL_set_bio(con, sbio, sbio);
        SSL_set_accept_state(con);
author	tedu <>	2014-05-07 21:32:19 +0000
committer	tedu <>	2014-05-07 21:32:19 +0000
commit	6e694fdc39d16d30d31406ef82c6b069d9d005d9 (patch)
tree	12469735470b89bbcda0188c83db3303073518e6 /src
parent	37ac31da4961fc4018f3d8c249be86103e04749a (diff)
download	openbsd-6e694fdc39d16d30d31406ef82c6b069d9d005d9.tar.gz openbsd-6e694fdc39d16d30d31406ef82c6b069d9d005d9.tar.bz2 openbsd-6e694fdc39d16d30d31406ef82c6b069d9d005d9.zip

diff --git a/src/lib/libssl/src/apps/apps.c b/src/lib/libssl/src/apps/apps.c index b2efe6db39..a96de0cd9a 100644 --- a/src/lib/libssl/src/apps/apps.c +++ b/src/lib/libssl/src/apps/apps.c
@@ -2173,240 +2173,6 @@ policies_print(BIO * out, X509_STORE_CTX * ctx)
2173	BIO_free(out);	2173	BIO_free(out);
2174	}	2174	}
2175		2175
2176	#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
2177
2178	static JPAKE_CTX *
2179	jpake_init(const char us, const char them,
2180	const char *secret)
2181	{
2182	BIGNUM *p = NULL;
2183	BIGNUM *g = NULL;
2184	BIGNUM *q = NULL;
2185	BIGNUM *bnsecret = BN_new();
2186	JPAKE_CTX *ctx;
2187
2188	/* Use a safe prime for p (that we found earlier) */
2189	BN_hex2bn(&p, "F9E5B365665EA7A05A9C534502780FEE6F1AB5BD4F49947FD036DBD7E905269AF46EF28B0FC07487EE4F5D20FB3C0AF8E700F3A2FA3414970CBED44FEDFF80CE78D800F184BB82435D137AADA2C6C16523247930A63B85661D1FC817A51ACD96168E95898A1F83A79FFB529368AA7833ABD1B0C3AEDDB14D2E1A2F71D99F763F");
2190	g = BN_new();
2191	BN_set_word(g, 2);
2192	q = BN_new();
2193	BN_rshift1(q, p);
2194
2195	BN_bin2bn((const unsigned char *) secret, strlen(secret), bnsecret);
2196
2197	ctx = JPAKE_CTX_new(us, them, p, g, q, bnsecret);
2198	BN_free(bnsecret);
2199	BN_free(q);
2200	BN_free(g);
2201	BN_free(p);
2202
2203	return ctx;
2204	}
2205
2206	static void
2207	jpake_send_part(BIO * conn, const JPAKE_STEP_PART * p)
2208	{
2209	BN_print(conn, p->gx);
2210	BIO_puts(conn, "\n");
2211	BN_print(conn, p->zkpx.gr);
2212	BIO_puts(conn, "\n");
2213	BN_print(conn, p->zkpx.b);
2214	BIO_puts(conn, "\n");
2215	}
2216
2217	static void
2218	jpake_send_step1(BIO * bconn, JPAKE_CTX * ctx)
2219	{
2220	JPAKE_STEP1 s1;
2221
2222	JPAKE_STEP1_init(&s1);
2223	JPAKE_STEP1_generate(&s1, ctx);
2224	jpake_send_part(bconn, &s1.p1);
2225	jpake_send_part(bconn, &s1.p2);
2226	(void) BIO_flush(bconn);
2227	JPAKE_STEP1_release(&s1);
2228	}
2229
2230	static void
2231	jpake_send_step2(BIO * bconn, JPAKE_CTX * ctx)
2232	{
2233	JPAKE_STEP2 s2;
2234
2235	JPAKE_STEP2_init(&s2);
2236	JPAKE_STEP2_generate(&s2, ctx);
2237	jpake_send_part(bconn, &s2);
2238	(void) BIO_flush(bconn);
2239	JPAKE_STEP2_release(&s2);
2240	}
2241
2242	static void
2243	jpake_send_step3a(BIO * bconn, JPAKE_CTX * ctx)
2244	{
2245	JPAKE_STEP3A s3a;
2246
2247	JPAKE_STEP3A_init(&s3a);
2248	JPAKE_STEP3A_generate(&s3a, ctx);
2249	BIO_write(bconn, s3a.hhk, sizeof s3a.hhk);
2250	(void) BIO_flush(bconn);
2251	JPAKE_STEP3A_release(&s3a);
2252	}
2253
2254	static void
2255	jpake_send_step3b(BIO * bconn, JPAKE_CTX * ctx)
2256	{
2257	JPAKE_STEP3B s3b;
2258
2259	JPAKE_STEP3B_init(&s3b);
2260	JPAKE_STEP3B_generate(&s3b, ctx);
2261	BIO_write(bconn, s3b.hk, sizeof s3b.hk);
2262	(void) BIO_flush(bconn);
2263	JPAKE_STEP3B_release(&s3b);
2264	}
2265
2266	static void
2267	readbn(BIGNUM ** bn, BIO * bconn)
2268	{
2269	char buf[10240];
2270	int l;
2271
2272	l = BIO_gets(bconn, buf, sizeof buf);
2273	assert(l > 0);
2274	assert(buf[l - 1] == '\n');
2275	buf[l - 1] = '\0';
2276	BN_hex2bn(bn, buf);
2277	}
2278
2279	static void
2280	jpake_receive_part(JPAKE_STEP_PART * p, BIO * bconn)
2281	{
2282	readbn(&p->gx, bconn);
2283	readbn(&p->zkpx.gr, bconn);
2284	readbn(&p->zkpx.b, bconn);
2285	}
2286
2287	static void
2288	jpake_receive_step1(JPAKE_CTX * ctx, BIO * bconn)
2289	{
2290	JPAKE_STEP1 s1;
2291
2292	JPAKE_STEP1_init(&s1);
2293	jpake_receive_part(&s1.p1, bconn);
2294	jpake_receive_part(&s1.p2, bconn);
2295	if (!JPAKE_STEP1_process(ctx, &s1)) {
2296	ERR_print_errors(bio_err);
2297	exit(1);
2298	}
2299	JPAKE_STEP1_release(&s1);
2300	}
2301
2302	static void
2303	jpake_receive_step2(JPAKE_CTX * ctx, BIO * bconn)
2304	{
2305	JPAKE_STEP2 s2;
2306
2307	JPAKE_STEP2_init(&s2);
2308	jpake_receive_part(&s2, bconn);
2309	if (!JPAKE_STEP2_process(ctx, &s2)) {
2310	ERR_print_errors(bio_err);
2311	exit(1);
2312	}
2313	JPAKE_STEP2_release(&s2);
2314	}
2315
2316	static void
2317	jpake_receive_step3a(JPAKE_CTX * ctx, BIO * bconn)
2318	{
2319	JPAKE_STEP3A s3a;
2320	int l;
2321
2322	JPAKE_STEP3A_init(&s3a);
2323	l = BIO_read(bconn, s3a.hhk, sizeof s3a.hhk);
2324	assert(l == sizeof s3a.hhk);
2325	if (!JPAKE_STEP3A_process(ctx, &s3a)) {
2326	ERR_print_errors(bio_err);
2327	exit(1);
2328	}
2329	JPAKE_STEP3A_release(&s3a);
2330	}
2331
2332	static void
2333	jpake_receive_step3b(JPAKE_CTX * ctx, BIO * bconn)
2334	{
2335	JPAKE_STEP3B s3b;
2336	int l;
2337
2338	JPAKE_STEP3B_init(&s3b);
2339	l = BIO_read(bconn, s3b.hk, sizeof s3b.hk);
2340	assert(l == sizeof s3b.hk);
2341	if (!JPAKE_STEP3B_process(ctx, &s3b)) {
2342	ERR_print_errors(bio_err);
2343	exit(1);
2344	}
2345	JPAKE_STEP3B_release(&s3b);
2346	}
2347
2348	void
2349	jpake_client_auth(BIO * out, BIO * conn, const char *secret)
2350	{
2351	JPAKE_CTX *ctx;
2352	BIO *bconn;
2353
2354	BIO_puts(out, "Authenticating with JPAKE\n");
2355
2356	ctx = jpake_init("client", "server", secret);
2357
2358	bconn = BIO_new(BIO_f_buffer());
2359	BIO_push(bconn, conn);
2360
2361	jpake_send_step1(bconn, ctx);
2362	jpake_receive_step1(ctx, bconn);
2363	jpake_send_step2(bconn, ctx);
2364	jpake_receive_step2(ctx, bconn);
2365	jpake_send_step3a(bconn, ctx);
2366	jpake_receive_step3b(ctx, bconn);
2367
2368	BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n");
2369
2370	psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx));
2371
2372	BIO_pop(bconn);
2373	BIO_free(bconn);
2374
2375	JPAKE_CTX_free(ctx);
2376	}
2377
2378	void
2379	jpake_server_auth(BIO * out, BIO * conn, const char *secret)
2380	{
2381	JPAKE_CTX *ctx;
2382	BIO *bconn;
2383
2384	BIO_puts(out, "Authenticating with JPAKE\n");
2385
2386	ctx = jpake_init("server", "client", secret);
2387
2388	bconn = BIO_new(BIO_f_buffer());
2389	BIO_push(bconn, conn);
2390
2391	jpake_receive_step1(ctx, bconn);
2392	jpake_send_step1(bconn, ctx);
2393	jpake_receive_step2(ctx, bconn);
2394	jpake_send_step2(bconn, ctx);
2395	jpake_receive_step3a(ctx, bconn);
2396	jpake_send_step3b(bconn, ctx);
2397
2398	BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n");
2399
2400	psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx));
2401
2402	BIO_pop(bconn);
2403	BIO_free(bconn);
2404
2405	JPAKE_CTX_free(ctx);
2406	}
2407
2408	#endif
2409
2410	#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)	2176	#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
2411	/* next_protos_parse parses a comma separated list of strings into a string	2177	/* next_protos_parse parses a comma separated list of strings into a string
2412	* in a format suitable for passing to SSL_CTX_set_next_protos_advertised.	2178	* in a format suitable for passing to SSL_CTX_set_next_protos_advertised.


diff --git a/src/lib/libssl/src/apps/apps.h b/src/lib/libssl/src/apps/apps.h index 42c5f9e368..cbbf0eaefd 100644 --- a/src/lib/libssl/src/apps/apps.h +++ b/src/lib/libssl/src/apps/apps.h
@@ -246,10 +246,6 @@ int do_X509_CRL_sign(BIO err, X509_CRL x, EVP_PKEY pkey, const EVP_MD md,
246	#ifndef OPENSSL_NO_PSK	246	#ifndef OPENSSL_NO_PSK
247	extern char *psk_key;	247	extern char *psk_key;
248	#endif	248	#endif
249	#ifndef OPENSSL_NO_JPAKE
250	void jpake_client_auth(BIO out, BIO conn, const char *secret);
251	void jpake_server_auth(BIO out, BIO conn, const char *secret);
252	#endif
253		249
254	#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)	250	#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
255	unsigned char next_protos_parse(unsigned short outlen, const char *in);	251	unsigned char next_protos_parse(unsigned short outlen, const char *in);


diff --git a/src/lib/libssl/src/apps/s_client.c b/src/lib/libssl/src/apps/s_client.c index 3dc613ebc2..b90a096b40 100644 --- a/src/lib/libssl/src/apps/s_client.c +++ b/src/lib/libssl/src/apps/s_client.c
@@ -301,9 +301,6 @@ sc_usage(void)
301	#ifndef OPENSSL_NO_PSK	301	#ifndef OPENSSL_NO_PSK
302	BIO_printf(bio_err, " -psk_identity arg - PSK identity\n");	302	BIO_printf(bio_err, " -psk_identity arg - PSK identity\n");
303	BIO_printf(bio_err, " -psk arg - PSK in hex (without 0x)\n");	303	BIO_printf(bio_err, " -psk arg - PSK in hex (without 0x)\n");
304	#ifndef OPENSSL_NO_JPAKE
305	BIO_printf(bio_err, " -jpake arg - JPAKE secret to use\n");
306	#endif
307	#endif	304	#endif
308	BIO_printf(bio_err, " -ssl3 - just use SSLv3\n");	305	BIO_printf(bio_err, " -ssl3 - just use SSLv3\n");
309	BIO_printf(bio_err, " -tls1_2 - just use TLSv1.2\n");	306	BIO_printf(bio_err, " -tls1_2 - just use TLSv1.2\n");
@@ -467,9 +464,6 @@ s_client_main(int argc, char **argv)
467	int peerlen = sizeof(peer);	464	int peerlen = sizeof(peer);
468	int enable_timeouts = 0;	465	int enable_timeouts = 0;
469	long socket_mtu = 0;	466	long socket_mtu = 0;
470	#ifndef OPENSSL_NO_JPAKE
471	char *jpake_secret = NULL;
472	#endif
473		467
474	meth = SSLv23_client_method();	468	meth = SSLv23_client_method();
475		469
@@ -727,13 +721,6 @@ s_client_main(int argc, char **argv)
727	/* meth=TLSv1_client_method(); */	721	/* meth=TLSv1_client_method(); */
728	}	722	}
729	#endif	723	#endif
730	#ifndef OPENSSL_NO_JPAKE
731	else if (strcmp(*argv, "-jpake") == 0) {
732	if (--argc < 1)
733	goto bad;
734	jpake_secret = *++argv;
735	}
736	#endif
737	#ifndef OPENSSL_NO_SRTP	724	#ifndef OPENSSL_NO_SRTP
738	else if (strcmp(*argv, "-use_srtp") == 0) {	725	else if (strcmp(*argv, "-use_srtp") == 0) {
739	if (--argc < 1)	726	if (--argc < 1)
@@ -764,21 +751,6 @@ bad:
764	sc_usage();	751	sc_usage();
765	goto end;	752	goto end;
766	}	753	}
767	#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
768	if (jpake_secret) {
769	if (psk_key) {
770	BIO_printf(bio_err,
771	"Can't use JPAKE and PSK together\n");
772	goto end;
773	}
774	psk_identity = "JPAKE";
775	if (cipher) {
776	BIO_printf(bio_err, "JPAKE sets cipher to PSK\n");
777	goto end;
778	}
779	cipher = "PSK";
780	}
781	#endif
782		754
783	OpenSSL_add_ssl_algorithms();	755	OpenSSL_add_ssl_algorithms();
784	SSL_load_error_strings();	756	SSL_load_error_strings();
@@ -862,14 +834,9 @@ bad:
862	#endif	834	#endif
863		835
864	#ifndef OPENSSL_NO_PSK	836	#ifndef OPENSSL_NO_PSK
865	#ifdef OPENSSL_NO_JPAKE	837	if (psk_key != NULL) {
866	if (psk_key != NULL)
867	#else
868	if (psk_key != NULL \|\| jpake_secret)
869	#endif
870	{
871	if (c_debug)	838	if (c_debug)
872	BIO_printf(bio_c_out, "PSK key given or JPAKE in use, setting client callback\n");	839	BIO_printf(bio_c_out, "PSK key given, setting client callback\n");
873	SSL_CTX_set_psk_client_callback(ctx, psk_client_cb);	840	SSL_CTX_set_psk_client_callback(ctx, psk_client_cb);
874	}	841	}
875	#endif	842	#endif
@@ -1055,10 +1022,6 @@ re_start:
1055	#endif	1022	#endif
1056	}	1023	}
1057	#endif	1024	#endif
1058	#ifndef OPENSSL_NO_JPAKE
1059	if (jpake_secret)
1060	jpake_client_auth(bio_c_out, sbio, jpake_secret);
1061	#endif
1062		1025
1063	SSL_set_bio(con, sbio, sbio);	1026	SSL_set_bio(con, sbio, sbio);
1064	SSL_set_connect_state(con);	1027	SSL_set_connect_state(con);


diff --git a/src/lib/libssl/src/apps/s_server.c b/src/lib/libssl/src/apps/s_server.c index c34816749a..6cb43ed45d 100644 --- a/src/lib/libssl/src/apps/s_server.c +++ b/src/lib/libssl/src/apps/s_server.c
@@ -426,11 +426,7 @@ sv_usage(void)
426	#ifndef OPENSSL_NO_PSK	426	#ifndef OPENSSL_NO_PSK
427	BIO_printf(bio_err, " -psk_hint arg - PSK identity hint to use\n");	427	BIO_printf(bio_err, " -psk_hint arg - PSK identity hint to use\n");
428	BIO_printf(bio_err, " -psk arg - PSK in hex (without 0x)\n");	428	BIO_printf(bio_err, " -psk arg - PSK in hex (without 0x)\n");
429	#ifndef OPENSSL_NO_JPAKE
430	BIO_printf(bio_err, " -jpake arg - JPAKE secret to use\n");
431	#endif	429	#endif
432	#endif
433	BIO_printf(bio_err, " -ssl2 - Just talk SSLv2\n");
434	BIO_printf(bio_err, " -ssl3 - Just talk SSLv3\n");	430	BIO_printf(bio_err, " -ssl3 - Just talk SSLv3\n");
435	BIO_printf(bio_err, " -tls1_2 - Just talk TLSv1.2\n");	431	BIO_printf(bio_err, " -tls1_2 - Just talk TLSv1.2\n");
436	BIO_printf(bio_err, " -tls1_1 - Just talk TLSv1.1\n");	432	BIO_printf(bio_err, " -tls1_1 - Just talk TLSv1.1\n");
@@ -676,9 +672,6 @@ next_proto_cb(SSL * s, const unsigned char *data, unsigned int len, void *arg)
676		672
677	int s_server_main(int, char **);	673	int s_server_main(int, char **);
678		674
679	#ifndef OPENSSL_NO_JPAKE
680	static char *jpake_secret = NULL;
681	#endif
682	#ifndef OPENSSL_NO_SRTP	675	#ifndef OPENSSL_NO_SRTP
683	static char *srtp_profiles = NULL;	676	static char *srtp_profiles = NULL;
684	#endif	677	#endif
@@ -1009,13 +1002,6 @@ s_server_main(int argc, char *argv[])
1009	}	1002	}
1010	#endif	1003	#endif
1011	#endif	1004	#endif
1012	#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
1013	else if (strcmp(*argv, "-jpake") == 0) {
1014	if (--argc < 1)
1015	goto bad;
1016	jpake_secret = *(++argv);
1017	}
1018	#endif
1019	#ifndef OPENSSL_NO_SRTP	1005	#ifndef OPENSSL_NO_SRTP
1020	else if (strcmp(*argv, "-use_srtp") == 0) {	1006	else if (strcmp(*argv, "-use_srtp") == 0) {
1021	if (--argc < 1)	1007	if (--argc < 1)
@@ -1046,21 +1032,6 @@ bad:
1046	sv_usage();	1032	sv_usage();
1047	goto end;	1033	goto end;
1048	}	1034	}
1049	#if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
1050	if (jpake_secret) {
1051	if (psk_key) {
1052	BIO_printf(bio_err,
1053	"Can't use JPAKE and PSK together\n");
1054	goto end;
1055	}
1056	psk_identity = "JPAKE";
1057	if (cipher) {
1058	BIO_printf(bio_err, "JPAKE sets cipher to PSK\n");
1059	goto end;
1060	}
1061	cipher = "PSK";
1062	}
1063	#endif
1064		1035
1065	SSL_load_error_strings();	1036	SSL_load_error_strings();
1066	OpenSSL_add_ssl_algorithms();	1037	OpenSSL_add_ssl_algorithms();
@@ -1414,14 +1385,9 @@ bad:
1414	#endif	1385	#endif
1415		1386
1416	#ifndef OPENSSL_NO_PSK	1387	#ifndef OPENSSL_NO_PSK
1417	#ifdef OPENSSL_NO_JPAKE	1388	if (psk_key != NULL) {
1418	if (psk_key != NULL)
1419	#else
1420	if (psk_key != NULL \|\| jpake_secret)
1421	#endif
1422	{
1423	if (s_debug)	1389	if (s_debug)
1424	BIO_printf(bio_s_out, "PSK key given or JPAKE in use, setting server callback\n");	1390	BIO_printf(bio_s_out, "PSK key given, setting server callback\n");
1425	SSL_CTX_set_psk_server_callback(ctx, psk_server_cb);	1391	SSL_CTX_set_psk_server_callback(ctx, psk_server_cb);
1426	}	1392	}
1427	if (!SSL_CTX_use_psk_identity_hint(ctx, psk_identity_hint)) {	1393	if (!SSL_CTX_use_psk_identity_hint(ctx, psk_identity_hint)) {
@@ -1628,10 +1594,6 @@ sv_body(char hostname, int s, unsigned char context)
1628	test = BIO_new(BIO_f_nbio_test());	1594	test = BIO_new(BIO_f_nbio_test());
1629	sbio = BIO_push(test, sbio);	1595	sbio = BIO_push(test, sbio);
1630	}	1596	}
1631	#ifndef OPENSSL_NO_JPAKE
1632	if (jpake_secret)
1633	jpake_server_auth(bio_s_out, sbio, jpake_secret);
1634	#endif
1635		1597
1636	SSL_set_bio(con, sbio, sbio);	1598	SSL_set_bio(con, sbio, sbio);
1637	SSL_set_accept_state(con);	1599	SSL_set_accept_state(con);